Re: Unix users and groups... Was: "peer" authentication...
| От | Bryn Llewellyn |
|---|---|
| Тема | Re: Unix users and groups... Was: "peer" authentication... |
| Дата | |
| Msg-id | 16361F79-E516-4793-BE5C-6F99DFE68DA6@yugabyte.com обсуждение исходный текст |
| Ответ на | Re: "peer" authentication: cannot make "pg_ident.conf" work as I believe that the doc says that it should ("Peter J. Holzer" <hjp-pgsql@hjp.at>) |
| Список | pgsql-general |
> hjp-pgsql@hjp.at wrote: > >> bryn@yugabyte.com: >> >> For the purpose of the tests that follow, I set up the O/S users "bob" and "mary" so that "id bob mary postgres" showsthis: >> >> id=1002(bob) gid=1001(postgres) groups=1001(postgres) >> uid=1003(mary) gid=1001(postgres) groups=1001(postgres) > > This has nothing to do with your problem, but don't do this. Normal users should not be in group "postgres". That givesthem access to some files which are not readable by the public. It might be useful for administrators, but AFAICS yourtest users aren't supposed to be that. > >> uid=1001(postgres) gid=1001(postgres) groups=1001(postgres),27(sudo),114 (ssl-cert) > > And is there a reason for postgres to be in group sudo? Thanks for pointing this out, Peter. I was careless. I'm testing ideas using my laptop. And apart from the fragments of SQL, O/S scripts, and what these report,that I've shown on this list, everything is private. (Nobody else can access my laptop without stealing it and breakingin.) That's no excuse for showing sloppy practices. I'll aim to do better.
В списке pgsql-general по дате отправления: